PC Forensics - Specialized Investigative Tools

Class Code:

D310

Subject Area:

D - Digital Evidence

Class Location:

Pasadena

Class Description:

This 40-hour course is designed to provide investigators with the training, skills, knowledge and practical experience in using some of the more advanced tools developed for computer forensics. Instruction will be provided on different tools each fiscal year.
The course includes:
The principles of how/why the tool was developed;
Imaging digital evidence;
How the tool verifies and ensures no changes to original evidence;
Setting up a forensic case;
Use of Hash and Signature analysis to limit area searched;
Word/text searching;
Boolean terms, GREP expressions and Scripts to increase search effectiveness,
Creating a report of results of investigation

Instructor:

Guidance Software

Teaching Methods:

Lectures and hands-on activity.

Objectives:

Students will understand the functions and capabilities of the forensic tool. They will receive training and practice using the tool to conduct forensic investigations. The training will include how to make image files of digital evidence and how to verify that no changes were made to the evidence while conducting the investigation.